There are dozens of offline password crackers for most password-protected resources. Those crackers are designed to find weak passwords and let the administrator know how safe his resources really are. Brutus is a different kind of password cracker. It works online, trying to break telnet, POP3, FTP, HTTP, RAS or IMAP by simply trying to log in as a legitimate user. Brutus imitates a real outside attack (unlike other password-cracking applications, which simulate an internal attack) and thus serves as a valuable security-auditing tool. Brutus can run in single-user mode (trying to break into a single user's account by trying different password combinations) or work through a list of user/password combinations from a word file. The application scans the host for known services and can be easily customized to break into any other custom service requiring interactive logon with a username and a password. Using Brutus will teach you a lot about your system, since it simulates a real attack. To make good use of Brutus's attack simulation, an administrator should note whether the break-in attempts are logged, and whether a timeout is issued after a few failed logins - this can be easily seen from the progress Brutus is making.
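
The two checks named above (are the attempts logged, and does anything stop them after a few failures) can also be made from the server side. The following is an added example, not part of the original post or of Brutus; the log format, the 60-second window, the limit of 5 and the documentation-range addresses are assumptions to be replaced with your own service's values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (assumption): "<ISO time> <service> <FAIL|OK> user=<name> src=<ip>"
LINE = re.compile(r"^(\S+) (\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def audit(lines, window=timedelta(seconds=60), limit=5):
    """Flag (source, service) pairs with more than `limit` failed logins inside `window`.

    `window` and `limit` are hypothetical policy values; set them to your lockout policy.
    """
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # lines that do not parse are skipped
            ts, svc, result, user, src = m.groups()
            events[(src, svc)].append((datetime.fromisoformat(ts), result, user))
    findings = {}
    for key, evs in events.items():
        evs.sort(key=lambda e: e[0])
        fails = [e for e in evs if e[1] == "FAIL"]
        start, burst = 0, []
        for end in range(len(fails)):  # sliding window over failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 > len(burst):
                burst = fails[start:end + 1]
        if len(burst) <= limit:
            continue
        users = {u for _, _, u in burst}
        cutoff = burst[limit - 1][0]  # time of the failure that should trigger a lockout
        findings[key] = {
            "failures_in_burst": len(burst),
            # one account, many passwords vs. a user/password list
            "mode": "single-user" if len(users) == 1 else "user-list",
            # a later success means no lockout or timeout stopped the guessing
            "success_after_limit": any(r == "OK" and t > cutoff for t, r, _ in evs),
        }
    return findings

# Constructed sample: 7 failures against one account in 12 s, then a success.
SAMPLE = [f"2024-05-01T10:00:{2*i:02d} ftp FAIL user=alice src=203.0.113.7" for i in range(7)]
SAMPLE += ["2024-05-01T10:00:20 ftp OK user=alice src=203.0.113.7",
           "2024-05-01T10:05:00 pop3 FAIL user=bob src=198.51.100.4"]

if __name__ == "__main__":
    for key, finding in audit(SAMPLE).items():
        print(key, finding)
```

If a test run against your own host produces no finding here, either the failed logins are not reaching the log or the window and limit do not match the rate of the run.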
